A Forum for Homeland Security Professionals

On the Need for a New Diplomatic Dimension for Cyberspace

2013 September 15

by Jason Nairn, CPP, CISSP

In the wake of Mandiant’s APT1 report and in the midst of the Edward Snowden affair, it has become increasingly apparent that cyber diplomacy is something different than traditional international statecraft, and that the current diplomatic model is not sufficient. Countries of the world, including and especially the United States, are attempting to manage cyber-related issues via existing diplomatic fora, using existing diplomatic resources. The results are predictably disappointing, since cyberspace rarely conforms to the traditional business models of the 20th Century and before.

In June (2013) the State Department issued a press release to announce the United States’ conformation to the findings of the United Nations’ Group of Governmental Experts on Cyber Issues regarding the effective applicability of the UN Charter and international law to cyberspace. Little attention was paid to the announcement, but its significance should be noted. The overlay of existing international law and pre-cyber landscape charters is convenient (easy), but will not conquer the wicked problems of today and certainly not tomorrow. The ability to be engaged in a cyber war with a country in the virtual world while simultaneously maintaining “normal” diplomatic relations in the “real world” cannot be addressed by current standards. This is the state of affairs today as the Mandiant report illustrates. Yet, as normal diplomatic procedures require careful rapprochement, diplomats dance the dance and each party avoids discussing the issue directly while business interests are drained of their intellectual property like a water park after Labor Day.

The answer is not the United Nations or governments, which is why the problem may never be solved adequately in the current generation. What matters in the networked world is data and infrastructure, and threats and vulnerabilities. Nations are data owners (or at least holders), but so are companies, groups and individuals (like Snowden (he’s currently a holder)). Nations also own infrastructure, but so do the private sector entities which own, for instance, the end user interface and telecommunications infrastructure. A forum must be established where these stakeholders can operate on more of an equal footing, where countries are considered stakeholders just like the companies that own the networks on which they ply their trade. The solution lies in a new dimension, one that is not formed in the crucible of the United Nations but is rooted in the networked world in which it must operate. The management of our global network must be something complex and wonderful like the internet itself. Where the power is held in the hands of those with the knowledge, information and interest to influence the direction of the global network. It must be dependent on self-organized criticality.

A continued insistence on the application of current diplomatic technology in cyberspace is likely to diminish the progress of the human race. The evolution of the networked human will be slowed by the Dickensian chains of nation-based world order. The so-called “Arab Spring” provides evidence that the youth of the world with access to today’s technology cannot be satisfied when burdened by the constraints of national governments unwilling to free them to take full advantage of a networked Earth. While the former generation’s power brokers attempt to make these disturbances about political and religious issues (because that is what they know), the heart of the issue is really growing pains. We are evolving as a species faster than our organizational structure will allow.

A positive first step would be the recognition that national sovereignty is not a major factor in the future paradigm, and that the United Nations, which has failed to act promptly and responsibly to address conventional issues, is simply not equipped to manage the complexity of a networked solar system.